From: Greg 'groggy' Lehey
To: FreeBSD-net@FreeBSD.org
Date: Tue, 7 Jun 2005 19:07:17 +0930
Subject: Re: Problems with gif tunnels
Message-ID: <20050607093717.GA76296@wantadilla.lemis.com>

I posted this message to the -questions list an hour or so ago.
Possibly it's of interest to people on this list.  Certainly the
problem is non-obvious, so even (as I suspect) if it's my fault, it
would be interesting to document the problem.

Greg

----- Forwarded message from Greg 'groggy' Lehey -----

> Date: Tue, 7 Jun 2005 17:56:14 +0930
> From: Greg 'groggy' Lehey
> To: FreeBSD Questions
> Subject: Problems with gif tunnels
>
> I've just installed an ADSL line, and I'm trying to route a class C
> network.  For some reason the ISP does this kind of routing via a GRE
> tunnel, and I'm having the devil's own job getting it to work.  Here's
> the current situation:
>
> 1.  ADSL line is up and running.  I have a /30 with the following
>     addresses:
>
>       150.101.14.9     gateway address
>       150.101.14.10    local address
>
> 2.  To this line, I want to install a tunnel for 192.109.197.0/24.
>     The ISP tells me to set up a tunnel between the local address
>     (150.101.14.10) and their tunnel address 203.16.215.227.
>     According to recent (5.x) documentation, this should be done with:
>
>       ifconfig gif0 tunnel 150.101.14.10 203.16.215.227 up
>
> 3.  Obviously I also need to have IP forwarding enabled.
>
> So I do all this and get:
>
> xl0: flags=8843 mtu 1500
>         options=9
>         inet 192.109.197.143 netmask 0xffffff00 broadcast 192.109.197.255
>         inet6 fe80::204:75ff:fefa:a80%xl0 prefixlen 64 scopeid 0x1
>         ether 00:04:75:fa:0a:80
>         media: Ethernet autoselect (10baseT/UTP)
>         status: active
> rl0: flags=8843 mtu 1500
>         options=8
>         inet6 fe80::202:44ff:fe59:7076%rl0 prefixlen 64 scopeid 0x2
>         inet 150.101.14.10 netmask 0xfffffffc broadcast 150.101.14.11
>         ether 00:02:44:59:70:76
>         media: Ethernet autoselect (10baseT/UTP)
>         status: active
> gif0: flags=8051 mtu 1452
>         tunnel inet 150.101.14.10 --> 203.16.215.227
>         inet6 fe80::204:75ff:fefa:a80%gif0 prefixlen 64 scopeid 0x5
>
> Destination        Gateway            Flags    Refs      Use  Netif Expire
> default            150.101.14.9       UGS         0        7    rl0
> 150.101.14.8/30    link#2             UC          0        0    rl0
> 150.101.14.9       00:90:1a:40:09:98  UHLW        2        2    rl0    903
> 192.109.197        link#1             UC          0        0    xl0
> 192.109.197.135    00:10:4b:66:1e:e9  UHLW        0     6757    xl0   1056
> 192.109.197.137    00:50:da:cf:07:35  UHLW        0    99336    xl0   1188
> 192.109.197.255    ff:ff:ff:ff:ff:ff  UHLWb       0    34521    xl0
> 203.16.215.227     150.101.14.9       UGHS        1        4    rl0
>
> net.inet.ip.forwarding: 1
>
> I then get somebody from the other end to ping me:
>
> 17:49:10.228597 IP 203.16.215.227 > 150.101.14.10: IP 192.83.231.16 > 192.109.197.145: icmp 64: echo request seq 6908
> 17:49:11.229188 IP 203.16.215.227 > 150.101.14.10: IP 192.83.231.16 > 192.109.197.145: icmp 64: echo request seq 6909
>
> But that's all.  Nothing goes out.  I've tried this on different
> systems, and I know somebody else who is using what looks like an
> identical configuration with this ISP, and it works fine.  I've tried
> different systems, one and two NICs, 4.x and 5.x, all with the same
> (non)result.  What am I missing?
>
> Greg
> --
> The virus contained in this message was not detected.
>
> When replying to this message, please copy the original recipients.
> If you don't, I may ignore the reply or reply to the original recipients.
> For more information, see http://www.lemis.com/questions.html
>
> Finger grog@FreeBSD.org for PGP public key.
> See complete headers for address and phone numbers.

----- End forwarded message -----

--
The virus contained in this message was not detected.

Finger grog@FreeBSD.org for PGP public key.
See complete headers for address and phone numbers.
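
Added example, not part of the original message: the message mentions a GRE tunnel on the ISP side and a gif interface locally, and on the wire the two are told apart by the outer IP protocol number (4 for IPv4-in-IPv4 as used by gif(4), 47 for GRE). The Python below classifies a captured outer packet and locates the inner header; the packets, the GRE key value and all function names are constructed for illustration.

```python
import socket
import struct

IPPROTO_IPIP, IPPROTO_GRE = 4, 47   # outer protocol numbers: IPv4-in-IPv4 vs GRE

def ipv4_header(src, dst, proto, payload_len):
    """Build a minimal 20-byte IPv4 header (checksum left at 0; sample data only)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def parse_ipv4(pkt):
    """Return (src, dst, proto, payload) for an IPv4 packet, honouring IHL."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IPv4 header length")
    return (socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]),
            pkt[9], pkt[ihl:])

def classify_tunnel(pkt):
    """Identify the encapsulation of an outer packet and locate the inner IPv4 header."""
    src, dst, proto, payload = parse_ipv4(pkt)
    if proto == IPPROTO_IPIP:
        kind, inner = "ipip", payload
    elif proto == IPPROTO_GRE:
        if len(payload) < 4:
            raise ValueError("truncated GRE header")
        flags, ethertype = struct.unpack("!HH", payload[:4])
        if flags & 0x0007 or flags & 0x4000:
            raise ValueError("unsupported GRE version or routing field")
        if ethertype != 0x0800:
            raise ValueError("GRE payload is not IPv4")
        # Optional checksum (C), key (K) and sequence (S) words, 4 bytes each.
        offset = 4 + 4 * sum(bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000))
        kind, inner = "gre", payload[offset:]
    else:
        return {"kind": "none", "outer": (src, dst)}
    isrc, idst, iproto, _ = parse_ipv4(inner)
    return {"kind": kind, "outer": (src, dst), "inner": (isrc, idst), "inner_proto": iproto}

# Constructed sample: the echo request from the tcpdump lines, in both encapsulations.
ICMP_ECHO = struct.pack("!BBHHH", 8, 0, 0, 0, 6908)
INNER = ipv4_header("192.83.231.16", "192.109.197.145", 1, len(ICMP_ECHO)) + ICMP_ECHO
AS_IPIP = ipv4_header("203.16.215.227", "150.101.14.10", IPPROTO_IPIP, len(INNER)) + INNER
GRE_KEYED = struct.pack("!HHI", 0x2000, 0x0800, 7)   # K bit set, key 7 (constructed)
AS_GRE = ipv4_header("203.16.215.227", "150.101.14.10", IPPROTO_GRE,
                     len(GRE_KEYED) + len(INNER)) + GRE_KEYED + INNER
```

Calling `classify_tunnel()` on bytes taken from a capture on the outside interface reports which encapsulation the remote end is actually sending, independent of how the local tunnel interface is configured.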